/uma/permission_request
UMA permission endpoint, as defined in the Federated Authorization for User-Managed Access (UMA) 2.0 specification.
Use this endpoint to request permission tickets from the authorization server during the UMA grant flow.
Action | HTTP Method |
---|---|
Request | POST |
You must compose the path to the token endpoint addressing the specific realm where the token will be issued. For example, https://openam.example.com:8443/openam/uma/realms/root/realms/subrealm1/permission_request.
The permission request endpoint does not support any parameters. To authenticate to the endpoint, send an Authorization: Bearer header with the PAT of the resource owner.
To request a ticket, send an HTTP POST call to the endpoint, specifying the resource and the scope that the permission ticket applies to in the body of the call as a JSON document that follows the UMA 2.0 specification. For example:
```
$ curl -X POST \
--header 'authorization: Bearer 057ad16f-7dba-4049-9f34-e609d230d43a' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '[
  {
    "resource_id" : "ef4d750e-3831-483b-b395-c6f059b5e15d0",
    "resource_scopes" : ["download"]
  }
]' \
https://openam.example.com:8443/openam/uma/realms/root/permission_request
{
  "ticket": "eyJ0eXAiOiJ...XPeJi3E"
}
```
Both of the objects in the JSON body are required. To obtain the resource ID, query the "/uma/resource_set" endpoint.
Tip
The default lifetime for a permission ticket is 120 seconds. Alter it by going to Realms > Realm Name > Services > UMA Provider, and editing the Permission Ticket Lifetime (seconds) property.
For an example of requesting a permission ticket in the flow, see The UMA Grant Flow.
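A resource server can enforce the rules on this page before any PAT leaves the process. The following is an added example, not code from the product documentation. The function names are hypothetical, the nested-realm path pattern is assumed to repeat the `realms/<name>` segment shown above, and the HTTPS check is an added safeguard for the bearer token.

```python
import json
import time
import urllib.request
from urllib.parse import quote

DEFAULT_TICKET_LIFETIME = 120  # seconds; the default stated on this page


def permission_endpoint(base_url, realm="/"):
    """Compose the realm-specific URL: '/subrealm1' -> realms/root/realms/subrealm1."""
    parts = [p for p in realm.split("/") if p]
    path = "realms/root" + "".join("/realms/" + quote(p, safe="") for p in parts)
    return f"{base_url.rstrip('/')}/uma/{path}/permission_request"


def permission_body(resource_id, resource_scopes):
    """Both objects are required; reject missing or empty values locally."""
    if not isinstance(resource_id, str) or not resource_id:
        raise ValueError("resource_id is required")
    if (not isinstance(resource_scopes, (list, tuple)) or not resource_scopes
            or not all(isinstance(s, str) and s for s in resource_scopes)):
        raise ValueError("resource_scopes must be a non-empty list of strings")
    return [{"resource_id": resource_id, "resource_scopes": list(resource_scopes)}]


def build_request(base_url, realm, pat, resource_id, resource_scopes):
    """Build (not send) the POST; the PAT travels only in the Authorization header."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send a PAT over a non-HTTPS URL")
    data = json.dumps(permission_body(resource_id, resource_scopes)).encode()
    return urllib.request.Request(
        permission_endpoint(base_url, realm), data=data, method="POST",
        headers={"Authorization": f"Bearer {pat}",
                 "Content-Type": "application/json"},
    )


def parse_ticket(response_text, issued_at=None, lifetime=DEFAULT_TICKET_LIFETIME):
    """Return (ticket, expiry_epoch) so callers can discard stale tickets."""
    doc = json.loads(response_text)
    ticket = doc.get("ticket") if isinstance(doc, dict) else None
    if not isinstance(ticket, str) or not ticket:
        raise ValueError("response carries no ticket")
    issued_at = time.time() if issued_at is None else issued_at
    return ticket, issued_at + lifetime
```

Pass the returned request to `urllib.request.urlopen()` to send it, and pass a different `lifetime` to `parse_ticket` if the Permission Ticket Lifetime property has been changed for the realm.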